From 0acc97e09eb8c6a7a30b88acd9252b9e47be13d2 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Wed, 4 Oct 2023 15:32:47 +0000
Subject: [PATCH 1/3] Print docker images

---
 .gitlab-ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ef8bbab..c1ca052 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -89,6 +89,8 @@ lightburn-download:
   services:
     - docker:dind
   script:
+    - echo DOCKER_IMAGE_BUILDER=$DOCKER_IMAGE_BUILDER
+    - echo DOCKER_IMAGE_SECURITY_SCANNER=$DOCKER_IMAGE_SECURITY_SCANNER
     - scripts/packer.sh debian-bookworm
     - aws --endpoint-url "$AWS_ENDPOINT_URL" s3 cp images/ "s3://$AWS_BUCKET/$CI_COMMIT_REF_SLUG/$CI_JOB_ID/" --recursive --no-progress
   artifacts:

From 8e8647fdbd5de91f69c95c566393a3bab66a2853 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Wed, 4 Oct 2023 15:30:59 +0000
Subject: [PATCH 2/3] Fix path matching

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c1ca052..aa2492f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -38,7 +38,7 @@ dockerimage_builder:
     - if:
       changes:
         paths:
-          - builder
+          - builder/**/*
         compare_to: main
       when: on_success
 

From f6070572faadff6e9bfb0c463417ae1323c534f0 Mon Sep 17 00:00:00 2001
From: Jakob Lechner
Date: Wed, 4 Oct 2023 15:11:34 +0000
Subject: [PATCH 3/3] Build security-scanner image only when necessary

---
 .gitlab-ci.yml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aa2492f..5b8b6f3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
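Review bot: The corrected glob still sits under a hard-coded `compare_to: main`, while the scanner job added in patch 3 identifies the default branch through `$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH`; if the default branch is ever renamed, the two jobs silently diverge, so it is worth a comment such as `# compare_to must name the default branch; keep in sync with the $CI_DEFAULT_BRANCH rules` next to `compare_to` (or a shared variable, if the running GitLab version expands variables there — confirm before relying on it). A `changes` rule compared against `main` also sees no changes on pipelines that run on `main` itself, so this entry alone never rebuilds the builder image on the default branch; whether another rule covers that case cannot be told here, since the rest of the `rules:` list for dockerimage_builder lies outside the hunk.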
@@ -7,7 +7,7 @@ variables:
   ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce
   WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images
   DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:main
-  DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG
+  DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:main
   DOCKER_TLS_CERTDIR: ""
 
 stages:
@@ -53,9 +53,19 @@ dockerimage_security_scanner:
     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     - make secscanimg
     - docker push $DOCKER_IMAGE_SECURITY_SCANNER
-  except:
-    refs:
-      - schedules
+    - echo "DOCKER_IMAGE_SECURITY_SCANNER=${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG" >> build.env
+  artifacts:
+    reports:
+      dotenv: build.env
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: on_success
+    - if:
+      changes:
+        paths:
+          - security-scanner/**/*
+        compare_to: main
+      when: on_success
 
 security_scanner:
   stage: check
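Review bot: Pinning the global default to `security-scanner:main` means every consumer of `$DOCKER_IMAGE_SECURITY_SCANNER` now runs the image built from the default branch unless the dotenv report written by dockerimage_security_scanner (second hunk) reaches it; a job in the same stage, or one whose `needs:` list omits that job, keeps `:main` even on a branch that changed `security-scanner/`, and the override is invisible from this `variables:` block. A comment next to the variable, e.g. `# default: image built on main; dockerimage_security_scanner overrides it per branch via its dotenv report`, would make the mechanism discoverable. Whether an inherited dotenv value outranks an entry in the global `variables:` block depends on GitLab's variable-precedence rules for the version in use — worth confirming once rather than assuming.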
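Review bot: Replacing `except: refs: - schedules` with the two `rules:` entries re-enables this job on scheduled pipelines: a schedule on the default branch sets `$CI_COMMIT_BRANCH` to that branch (as far as I can tell), so the first rule matches and the scanner image is rebuilt and pushed on every schedule, which the old configuration explicitly avoided and the commit message does not mention. If that exclusion is still wanted, put `- if: $CI_PIPELINE_SOURCE == "schedule"` with `when: never` as the first rule. The second entry opens with a bare `- if:` (an empty value, as far as the collapsed text shows) ahead of `changes:`; starting the entry at `- changes:` states the intent and avoids a rule whose `if` part is null. The `>> build.env` line only executes when the job runs, so branches without scanner changes correctly fall back to the `:main` default; the `$CI_COMMIT_REF_SLUG` it writes is already sanitised to tag-safe characters.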